Hello community, here is the log from the commit of package wpa_supplicant for openSUSE:Factory checked in at Mon May 31 18:17:29 CEST 2010. -------- --- wpa_supplicant/wpa_supplicant.changes 2010-01-31 14:24:03.000000000 +0100 +++ /mounts/work_src_done/STABLE/wpa_supplicant/wpa_supplicant.changes 2010-05-28 12:53:18.000000000 +0200 @@ -1,0 +2,6 @@ +Fri May 28 12:49:53 CEST 2010 - vbotka@suse.de + +- Fix fallback from failed PMKSA caching into full EAP authentication + (bnc 601501) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wpa_supplicant.spec ++++++ --- /var/tmp/diff_new_pack.9rVMQr/_old 2010-05-31 18:17:01.000000000 +0200 +++ /var/tmp/diff_new_pack.9rVMQr/_new 2010-05-31 18:17:01.000000000 +0200 @@ -22,7 +22,7 @@ BuildRequires: dbus-1-devel libnl-devel libqt4 libqt4-devel openssl-devel pkg-config readline-devel Url: http://hostap.epitest.fi/wpa_supplicant/ Version: 0.7.1 -Release: 1 +Release: 2 License: BSD3c(or similar) ; GPLv2+ Group: Productivity/Networking/Other Summary: WPA supplicant implementation @@ -45,6 +45,7 @@ # roaming is implemented in a clean way this patch should be removed Patch8: wpa_supplicant-roaming.patch Patch9: wpa_supplicant-pkcs11-init-args.patch +Patch10: Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: logrotate @@ -91,6 +92,7 @@ #%patch8 -p2 # Patch does not apply anymore #%patch9 -p2 +%patch10 -p0 %build cd wpa_supplicant ++++++ Fix_Fallback_From_Failed_PMKSA_Into_Full_EAP.patch ++++++ commit b4a1256d3660a2b5239062a9b42de79b8a34286a Author: Jouni Malinen <j@w1.fi> Date: Sat May 1 17:35:28 2010 +0300 Fix fallback from failed PMKSA caching into full EAP authentication Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced disconnection in case of 4-way handshake failures. However, it should not have changed the case where the supplicant is requesting fallback to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is not know. This case needs to send an EAPOL-Start frame instead of EAPOL-Key message 2/4. This works around a problem with APs that try to force PMKSA caching even when the client does not include PMKID in (re)association request frame to request it. [Bug 355] diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 885d173..9439f97 100644 --- src/rsn_supp/wpa.c +++ src/rsn_supp/wpa.c @@ -231,6 +231,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, wpa_sm_ether_send(sm, sm->bssid, ETH_P_EAPOL, buf, buflen); os_free(buf); + return -2; } return -1; @@ -361,6 +362,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, struct wpa_eapol_ie_parse ie; struct wpa_ptk *ptk; u8 buf[8]; + int res; if (wpa_sm_get_network_ctx(sm) == NULL) { wpa_printf(MSG_WARNING, "WPA: No SSID info found (msg 1 of " @@ -388,7 +390,13 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, } #endif /* CONFIG_NO_WPA2 */ - if (wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid)) + res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); + if (res == -2) { + wpa_printf(MSG_DEBUG, "RSN: Do not reply to msg 1/4 - " + "requesting full EAP authentication"); + return; + } + if (res) goto failed; if (sm->renew_snonce) { ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org